Mark Rasch of Korhman Jackson & Krantz writes:
A consistent pattern emerges in data breach and cyber-attack cases when companies turn to their insurers for coverage after such incidents. Whether they possess specialized cyber insurance or not, insurers often decline claims, citing various reasons such as failure to provide timely notice, failure to mitigate costs, employee misconduct or criminal activity leading to the breach, or attributing the losses to a party not covered by the policy. This holds true for both General Casualty or Liability policies (GCL) and specialized cyber liability insurance policies, covering damage to electronic assets.
On December 22, 2022 the Ohio Supreme Court in EMOI Servs., L.L.C. v. Owners Ins. Co. ruled that an Ohio medical billing company’s cyber insurance policy did not cover a ransomware claim for damages because the insured could not demonstrate that there was “physical harm or damage” to the computers which housed the data, as required by the terms of the policy.
Read more at JDSupra.